-rw-r--r-- | manifests/defines/vhost_varieties.pp | 121 | ||||
-rw-r--r-- | templates/vhosts/php_simplemachine/CentOS.erb | 121 |
2 files changed, 242 insertions, 0 deletions
diff --git a/manifests/defines/vhost_varieties.pp b/manifests/defines/vhost_varieties.pp
index d05c6ed..c4223be 100644
--- a/manifests/defines/vhost_varieties.pp
+++ b/manifests/defines/vhost_varieties.pp
@@ -6,6 +6,7 @@
 # - apache::vhost::php
 # - apache::vhost::joomla
 # - apache::vhost::wordpress
+# - apache::vhost::simplemachine
 # - apache::vhost::cgi TODO
 # - apache::vhost::modperl TODO
 # - apache::vhost::modpython TODO
@@ -414,6 +415,126 @@ define apache::vhost::php::wordpress( } } +# run_mode: +# - normal: nothing special (*default*) +# - itk: apache is running with the itk module +# and run_uid and run_gid are used as vhost users +# run_uid: the uid the vhost should run as with the itk module +# run_gid: the gid the vhost should run as with the itk module +define apache::vhost::php::simplemachine( + $ensure = present, + $domain = 'absent', + $domainalias = 'absent', + $path = 'absent', + $owner = root, + $group = 0, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = 0750, + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $allow_override = 'None', + $php_upload_tmp_dir = 'absent', + $php_session_save_path = 'absent', + $do_includes = false, + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $mod_security = true, + $ssl_mode = false, + $vhost_mode = 'template', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $manage_config = true, + $config_webwriteable = false, + $manage_directories = true +){ + apache::vhost::phpdirs{"${name}": + ensure => $ensure, + php_upload_tmp_dir => $php_upload_tmp_dir, + php_session_save_path => $php_session_save_path, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + } + + $real_path = $path ? { + 'absent' => $operatingsystem ? 
{ + openbsd => "/var/www/htdocs/${name}", + default => "/var/www/vhosts/${name}" + }, + default => "${path}" + } + $documentroot = "${real_path}/www" + + # create and/or put correct permissions + apache::vhost::webdir{$name: + ensure => $ensure, + path => $real_path, + owner => $owner, + group => $group, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + } + + if ($ensure != 'absent') and $manage_directories { + apache::file::rw{ "$documentroot/attachements": + owner => $documentroot_owner, + group => $documentroot_group, + } + } + + # create vhost configuration file + apache::vhost{$name: + ensure => $ensure, + path => $path, + template_mode => 'php_simplemachine', + vhost_mode => $vhost_mode, + vhost_source => $vhost_source, + vhost_destination => $vhost_destination, + domain => $domain, + domainalias => $domainalias, + run_mode => $run_mode, + run_uid => $run_uid, + run_gid => $run_gid, + allow_override => $allow_override, + do_includes => $do_includes, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + php_upload_tmp_dir => $php_upload_tmp_dir, + php_session_save_path => $php_session_save_path, + ssl_mode => $ssl_mode, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + mod_security => $mod_security, + } + + if $manage_config { + apache::vhost::file::documentrootfile{"simplemachine_configurationfile_${name}": + documentroot => $documentroot, + filename => 'Settings.php', + thedomain => $name, + owner => $documentroot_owner, + group => $documentroot_group, + } + if $config_webwriteable { + Apache::Vhost::File::Documentrootfile["simplemachine_configurationfile_${name}"]{ + mode => 0660, + } + } else { + Apache::Vhost::File::Documentrootfile["simplemachine_configurationfile_${name}"]{ + mode => 0440, + } + } + } +} # run_mode: # - normal: nothing special (*default*) 
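Review bot: The web-writable directory is declared as `"$documentroot/attachements"`, while Simple Machines Forum normally keeps uploads in `attachments`; if that holds for the deployed tree, this creates an unused writable directory and leaves the real upload directory unmanaged, so the name should be checked and probably changed to `"$documentroot/attachments"`. In the same define, `apache::vhost::phpdirs` is given `run_uid` but not `run_gid`, whereas `apache::vhost` gets both; phpdirs is not visible in this hunk, so confirm whether it takes `run_gid` and pass it if so. The header comment only describes the run_* parameters; a line such as `# config_webwriteable: if true Settings.php is 0660 and the web server may rewrite it, otherwise 0440 (*default*)` would document the one switch that loosens permissions on the forum's configuration file.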
diff --git a/templates/vhosts/php_simplemachine/CentOS.erb b/templates/vhosts/php_simplemachine/CentOS.erb
new file mode 100644
index 0000000..ee07989
--- /dev/null
+++ b/templates/vhosts/php_simplemachine/CentOS.erb
@@ -0,0 +1,121 @@
+# <%= servername %>
+<VirtualHost *:80>
+ Include conf.d/defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ DocumentRoot <%= documentroot %>/
+
+ ErrorLog <%= logdir %>/error_log
+ CustomLog <%= logdir %>/access_log combined
+ <%- if ssl_mode.to_s == 'force' then -%>
+ Redirect permanent / https://<%= servername %>/
+ <%- end -%>
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'itk' -%>
+ <IfModule mpm_itk_module>
+ AssignUserId <%= run_uid+" "+run_gid %>
+ </IfModule>
+ <%- end -%>
+ <%- if not ssl_mode.to_s == 'force' then -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%> <%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%>+Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ php_admin_flag engine on
+ php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>
+ php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %>
+ php_admin_value session.save_path <%= real_php_session_save_path %>
+ </Directory>
+ <%- end -%>
+
+ <IfModule mod_security2.c>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ SecAuditLogType serial
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ <%- else -%>
+ SecRuleEngine Off
+ <%- end -%>
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+
+<%- unless ssl_mode.to_s == 'false' then -%>
+<VirtualHost *:443>
+ Include conf.d/defaults.inc
+ Include conf.d/ssl_defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? then -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ DocumentRoot <%= documentroot %>/
+
+ ErrorLog <%= logdir %>/error_log
+ CustomLog <%= logdir %>/access_log combined
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+ <%- end -%>
+ <%- if run_mode.to_s == 'itk' -%>
+ <IfModule mpm_itk_module>
+ AssignUserId <%= run_uid+" "+run_gid %>
+ </IfModule>
+ <%- end -%>
+ <%- if ssl_mode.to_s == 'force' then -%>
+ Redirect permanent / https://<%= servername %>/
+ <%- end -%>
+ <%- if default_charset.to_s != 'absent' then -%>
+ AddDefaultCharset <%= default_charset %>
+ <%- end -%>
+ <Directory "<%= documentroot %>/">
+ AllowOverride <%= allow_override %>
+ <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+ Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%> <%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%>+Includes<%- end -%>
+
+ <%- end -%>
+ <%- unless htpasswd_file.to_s == 'absent' then -%>
+ AuthType Basic
+ AuthName "Access fuer <%= servername %>"
+ AuthUserFile <%= real_htpasswd_path %>
+ require valid-user
+ <%- end -%>
+ php_admin_flag engine on
+ php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>
+ php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %>
+ php_admin_value session.save_path <%= real_php_session_save_path %>
+ </Directory>
+
+ <IfModule mod_security2.c>
+ SecRuleEngine <%= if mod_security.to_s == 'true' then "On" else "Off" end %>
+ <%- if mod_security.to_s == 'true' then -%>
+ SecRuleEngine On
+ SecAuditLogType serial
+ SecAuditLog <%= logdir %>/mod_security_audit.log
+ SecDebugLog <%= logdir %>/mod_security_debug.log
+ <%- else -%>
+ SecRuleEngine Off
+ <%- end -%>
+ </IfModule>
+
+ <%- unless additional_options.to_s == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
+<%- end -%>
|
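Review bot: Inside the `<VirtualHost *:443>` block the `ssl_mode.to_s == 'force'` branch emits `Redirect permanent / https://<%= servername %>/`, which points every HTTPS request back at the same HTTPS URL and will loop; that branch belongs only in the *:80 vhost and should be removed from the 443 one. The same block also repeats the `AddDefaultCharset` conditional and sets `SecRuleEngine` twice (once through `<%= if ... %>` and again in the if/else), which looks like copy-paste residue and makes the effective ModSecurity state harder to audit. Separately, `php_admin_flag engine on` applies to the whole document root, which includes the web-writable upload directory the manifest creates; a nested `<Directory>` for that path carrying `php_admin_flag engine off` in both vhosts would keep uploaded files from being interpreted as PHP.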